US11222144B2 - Self-encrypting storage device and protection method - Google Patents


Info

Publication number
US11222144B2
Authority
US
United States
Prior art keywords
storage device
security information
data
command
host device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US16/286,520
Other versions
US20200065528A1 (en)
Inventor
Takaya Ogawa
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kioxia Corp
Original Assignee
Toshiba Memory Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Toshiba Memory Corp
Assigned to TOSHIBA MEMORY CORPORATION: assignment of assignors' interest (see document for details). Assignor: OGAWA, TAKAYA
Publication of US20200065528A1
Application granted
Publication of US11222144B2
Assigned to KIOXIA CORPORATION: change of name (see document for details). Assignor: TOSHIBA MEMORY CORPORATION
Current legal status: Active
Adjusted expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/26 Power supply means, e.g. regulation thereof
    • G06F1/32 Means for saving power
    • G06F1/3203 Power management, i.e. event-based initiation of a power-saving mode
    • G06F1/3234 Power saving characterised by the action undertaken
    • G06F1/325 Power saving in peripheral device
    • G06F1/3268 Power saving in hard disk drive
    • G06F1/3206 Monitoring of events, devices or parameters that trigger a change in power modality
    • G06F1/3228 Monitoring task completion, e.g. by use of idle timers, stop commands or wait commands
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G06F21/80 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G06F3/0622 Securing storage systems in relation to access
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0629 Configuration or reconfiguration of storage systems
    • G06F3/0634 Configuration or reconfiguration of storage systems by changing the state or mode of one or more devices
    • G06F3/0655 Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G06F3/0658 Controller construction arrangements
    • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671 In-line storage system
    • G06F3/0673 Single storage device
    • G06F3/0679 Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Definitions

  • Embodiments described herein relate generally to a storage device and a program.
  • A self-encrypting drive, which is a storage device having a data encryption function, has been used.
  • The self-encrypting drive has a built-in secret key, and the safety and confidentiality of the drive are secured by prohibiting reading of this secret key from the outside.
  • The self-encrypting drive has an authentication function and is unlocked, for example, by a password entered via a host device. After being unlocked, the self-encrypting drive permits reading and writing by the host device, and then enters a locked state again when the power of the drive is turned off.
  • FIG. 1 is a block diagram showing an example of a configuration of a storage device according to a first embodiment and a computer system including the storage device.
  • FIG. 2 is a block diagram showing an example of a configuration of a controller of the storage device according to the first embodiment.
  • FIGS. 3A and 3B are diagrams showing an example of a storage state of each data in the computer system according to the first embodiment.
  • FIG. 4 is a diagram showing an example of a shift operation to a low power state and a return operation from the low power state of the computer system according to the first embodiment.
  • FIG. 5 is a flowchart showing an example of shift processing to the low power state and return processing from the low power state in the computer system according to the first embodiment.
  • FIG. 6 is a flowchart showing an example of encryption processing and tampering prevention processing of security information according to the first embodiment.
  • FIG. 7 is a conceptual diagram of the encryption processing and the tampering prevention processing of the security information according to the first embodiment.
  • FIG. 8 is a flowchart showing an example of verification processing and decryption processing of the security information according to the first embodiment.
  • FIG. 9 is a conceptual diagram of the verification processing and the decryption processing of the security information according to the first embodiment.
  • FIG. 10 is a flowchart showing an example of shift processing to a low power state and return processing from the low power state in a computer system according to a second embodiment.
  • Embodiments provide a storage device and a program for safely returning the storage device to an unlocked state while lowering standby power.
  • A storage device includes a controller configured to control the storage device, and a storage area for security information, the security information including flag information indicating whether reading or writing of data from/to the storage device is permitted and time information indicating a cumulative time value during which power of the storage device has been turned on.
  • When a first command is received from a host device, the controller generates encrypted data by encrypting data obtained by combining the time information and the security information, and, after transmitting the encrypted data to the host device, shifts the storage device to a low power state.
  • When an access frequency decreases, a storage device is generally controlled to shift from a normal state to a low power state to save power consumption.
  • For a self-encrypting drive, it is preferable to return from the low power state to the normal state without requiring re-entry of a password.
  • When the power of the self-encrypting drive is turned off due to battery exhaustion, theft, or the like, it is possible to prevent leakage of data stored in the drive by causing the storage device to enter the locked state again.
  • A method of holding a part of the internal state of the self-encrypting drive in a storage circuit with extremely small standby power, such as retention static random access memory (SRAM), retention flip flop (FF), or the like, is conceivable.
  • On return from the low power state, the contents held in the storage circuit are written back to a normal storage area.
  • Safety of the drive is guaranteed by relocking the drive and erasing the contents of the retention SRAM and retention FF.
  • In this method, however, a slight amount of standby power is required.
  • Alternatively, a method of storing a part of the above state in a nonvolatile memory such as a NAND flash memory and then completely turning off the power of the drive is conceivable.
  • In this method, standby power of the drive is zero.
  • However, an attack may be possible which wakes up the drive in the unlocked state, in which case data stored in the drive will be stolen.
  • In addition, frequent writing to the nonvolatile memory leads to wearing out of the nonvolatile memory.
  • Furthermore, a method of turning off the power of the self-encrypting drive in a state in which the unencrypted password (that is, plaintext) is stored in a secure area of the host device is conceivable. Thereafter, the power of the drive is turned on, the drive recovers from the low power state, and the password is read from the host device. In this method, standby power of the drive is zero.
  • However, if the host device is stolen together with the drive, for example, the password is leaked by reading the password flowing through a bus interface (for example, serial ATA (SATA), peripheral component interconnect (PCI), dual inline memory module (DIMM), and the like) with a measuring device or the like. This also applies to the case where the internal state of the drive, instead of the password, is stored in the host device.
  • In the present embodiment, when transitioning the storage device, which is a self-encrypting drive, to the low power (or power-off) state, the storage device is capable of safely saving a secret key used for encrypting data stored in the storage device and/or confidential information such as the locked state of the storage device in an area that is not necessarily secure, such as a predetermined buffer of a host device.
  • More specifically, the storage device performs encryption processing and tampering prevention processing on confidential information stored in the storage device and saves the processed data to the host device.
  • In addition, information indicating the power-on time is saved to a nonvolatile memory or the like in the storage device, for example.
  • When returning from the low power state, the storage device verifies the authenticity of the data using the information indicating the power-on time. In this way, confidential information of the storage device may be safely saved to the host device and restored from it, and replay attacks may be prevented.
  • In the present embodiment, the computer system includes a storage device connected to a host device through an interface of the PCIe (PCI Express) standard and supporting a host memory buffer of the NVMe standard.
  • Supporting the host memory buffer means that a part of the DRAM of the host device is used as a buffer of the storage device.
  • The storage device realizes the low power state within the behavior defined by the NVMe standard.
  • FIG. 1 is a block diagram showing an example of a configuration of a storage device according to the present embodiment and a computer system 1 including the storage device.
  • The computer system 1 includes a host device 2 and a storage device 3.
  • The host device 2 is an information processing device such as a personal computer (PC), a smartphone, or the like.
  • The host device 2 includes a connector interface (I/F) 21, a central processing unit (CPU) 22, a random access memory (RAM) 23, and a read only memory (ROM) 24.
  • The connector interface 21, the RAM 23, and the ROM 24 are each electrically connected to the CPU 22.
  • The connector interface 21 performs interface processing between the host device 2 and the storage device 3. More specifically, the connector interface 21 transmits and receives commands, addresses, data, information, signals, and the like to and from the storage device 3 via the connector interface 31 of the storage device 3 to be described later.
  • The connector interface 21 is, for example, an interface of the PCIe standard.
  • The CPU 22 is a processor that controls the operation of the host device 2.
  • The CPU 22 is controlled by, for example, a control program stored in the ROM 24.
  • The CPU 22 transmits commands and the like for controlling the storage device 3 to the storage device 3 via the connector interface 21.
  • The CPU 22 stores the data and the like received from the storage device 3 via the connector interface 21 in the RAM 23, the ROM 24, or the like.
  • The RAM 23 is used as a work area of the CPU 22, and a control program and various data necessary for executing the control program are stored therein.
  • The RAM 23 may also be used as, for example, a cache memory for temporarily storing data.
  • The RAM 23 is a volatile memory such as static random-access memory (SRAM) or dynamic random-access memory (DRAM), for example.
  • The ROM 24 is a nonvolatile memory that stores software such as a control program used by the CPU 22 or firmware.
  • The CPU 22 may be configured as a system on chip (SoC).
  • The RAM 23 and/or the ROM 24 may be provided in the CPU 22.
  • The storage device 3 is a storage device such as a solid state drive (SSD), for example.
  • The storage device 3 may be a hard disk drive (HDD) or the like.
  • The storage device 3 includes a connector interface (I/F) 31, a controller 32, a RAM 33, a flash memory 34, and the like.
  • The connector interface 31, the RAM 33, and the flash memory 34 are each electrically connected to the controller 32.
  • The connector interface 31 performs interface processing between the storage device 3 and the host device 2.
  • The connector interface 31 may be provided in the controller 32.
  • The controller 32 is an SoC that controls the operation of the entire storage device 3.
  • The controller 32 performs encryption processing and tampering prevention processing on predetermined data (e.g., security information to be described later) in the storage device 3.
  • The controller 32 transmits the security information subjected to these kinds of processing to the host device 2.
  • Thereafter, the controller 32 reads the security information from the host device 2 and performs verification processing and decryption processing on the read security information.
  • Details of the configuration of the controller 32 will be described later with reference to FIG. 2. In addition, details of the processing executed by the controller 32 will be described later with reference to FIGS. 3A and 3B.
  • The RAM 33 is used as a work area of the controller 32.
  • The RAM 33 may also be used as, for example, a cache memory for temporarily storing data.
  • The RAM 33 is a volatile memory such as SRAM, DRAM, or the like.
  • The flash memory 34 is a nonvolatile memory constituting a storage area of the storage device 3.
  • The flash memory 34 is, for example, a NAND-type flash memory, but may be another nonvolatile semiconductor memory such as a NOR-type flash memory, magnetoresistive random access memory (MRAM), phase change random access memory (PRAM), resistive random-access memory (ReRAM), ferroelectric random-access memory (FeRAM), or the like.
  • The flash memory 34 may be another nonvolatile memory, a magnetic memory, or the like.
  • The flash memory 34 may be a three-dimensional memory.
  • The above-described ROM 24 is, for example, the same type of memory as the flash memory 34.
  • FIG. 2 is a block diagram showing an example of the configuration of the controller of the storage device according to the present embodiment.
  • The controller 32 includes an interface (I/F) 321, a CPU 322, a RAM controller 323, a flash memory controller 324, a RAM 325, a ROM 326, and the like, which are connected by a system bus.
  • The interface 321 performs interface processing for access to the controller 32.
  • The interface 321 is, for example, an interface of the PCIe standard or the like.
  • The CPU 322 is a processor that controls the operation of the controller 32. Like the CPU 22 of the host device 2, the CPU 322 is controlled by a predetermined control program or the like.
  • The RAM controller 323 is a controller for controlling the above-described RAM 33.
  • The flash memory controller 324 is a controller for controlling the above-described flash memory 34.
  • The RAM 325 is a volatile memory constituting a storage area inside the controller 32.
  • The RAM 325 stores, for example, a data encryption key DK, a read lock flag F1, a write lock flag F2, a password authentication key PK, power-on time information PI, and the like.
  • The data encryption key DK is key information for encrypting the data stored in the flash memory 34.
  • The controller 32 encrypts the data by using the data encryption key DK.
  • For encryption with the data encryption key DK, for example, Advanced Encryption Standard (AES) in XTS mode or the like is used.
  • The size of the data encryption key is, for example, 512 bits.
  • The read lock flag F1 and the write lock flag F2 are flag information indicating the permission/rejection status for accessing the storage device 3.
  • The read lock flag F1 is a flag for managing whether or not the storage device 3 is in a read-disabled state.
  • When the read lock flag F1 is on, the controller 32 refuses to read the data stored in the flash memory 34 of the storage device 3.
  • That is, when the read lock flag F1 is on, the storage device 3 enters a read-disabled state, and when the read lock flag F1 is off, the storage device 3 enters a read-enabled state.
  • The write lock flag F2 is a flag for managing whether or not the storage device 3 is in a write-disabled state.
  • When the write lock flag F2 is on, the controller 32 refuses to write data to the flash memory 34 of the storage device 3.
  • That is, when the write lock flag F2 is on, the storage device 3 enters a write-disabled state, and when the write lock flag F2 is off, the storage device 3 enters a write-enabled state.
  • The data sizes of the read lock flag F1 and the write lock flag F2 are, for example, 1 bit each.
  • The password authentication key PK is data representing a password for allowing a user to access the storage device 3 via the host device 2, for example.
  • For example, the user enters a predetermined password for the storage device 3 via the host device 2.
  • The host device 2 transmits the entered password to the storage device 3.
  • The controller 32 compares the password received from the host device 2 with the password authentication key PK, and when the two match, it determines that the authentication of the user is successful and permits the user's access to the storage device 3.
  • The password authentication key PK includes a plurality of pieces of password information corresponding to a plurality of users.
  • The data size of the password authentication key PK is, for example, 256 bits for each user.
  • The data encryption key DK, the read lock flag F1, the write lock flag F2, the password authentication key PK, and the like described above are saved to the host device 2 when the storage device 3 shifts to a low power state.
  • These data to be saved to the host device 2 are collectively referred to as security information SI1.
  • The data encryption key DK and the password authentication key PK may optionally be included in the security information SI1. That is, the security information SI1 includes at least the read lock flag F1 and the write lock flag F2.
  • When the data encryption key DK and the password authentication key PK are not included in the security information SI1, the controller 32 may save them to, for example, the ROM 326 or the flash memory 34.
  • The security information SI1 may further include various kinds of intermediate security information generated when unlocking the storage device 3 by a password entered by the user, or other information.
  • The power-on time information PI is information representing the cumulative time value during which the power of the storage device 3 has been turned on, from product shipment to the present.
  • The power-on time information PI is, for example, the value of a counter indicating the elapse of a unit time, to which a value is added every time the unit time elapses.
  • The unit time is preferably about 1 millisecond or less, for example.
  • In the power-on time information PI, addition of values is stopped after the power of the storage device 3 is turned off, and addition of values is started again after the power is turned on again. For this reason, the power-on time information PI is stored in the ROM 326, the flash memory 34, or the like in a nonvolatile manner when the power is turned off. The power-on time information PI may be stored in the RAM 33 while the power is turned on.
  • For example, the power-on time information PI is stored in the SSD as a part of the management information.
  • An example of this management information is SMART information that may be acquired by a "Get Log Page" command.
  • In this case, the power-on time information PI is a value represented by the item "Power On Hours" in this SMART information.
  • The ROM 326 is a nonvolatile memory constituting a storage area inside the controller 32.
  • The ROM 326 stores, for example, secret key information KI.
  • The secret key information KI includes, for example, a first secret key SK1, a second secret key SK2, and the like.
  • The first secret key SK1 is a fixed secret key for encrypting the security information SI1. More specifically, the first secret key SK1 is key information used when the security information SI1 is encrypted and decrypted by AES, for example.
  • The data size of the first secret key SK1 is, for example, 256 bits.
  • The second secret key SK2 is key information used when applying the tampering prevention processing to the security information SI1. More specifically, the second secret key SK2 is key information used for calculating a unique value (message authentication code) for the security information SI1, for example, by the hash-based message authentication code (HMAC) method. In the case of the HMAC method, the message authentication code is an output value of a cryptographic hash function. In addition, the data size of the second secret key SK2 is, for example, 256 bits.
  • The RAM 33 may be provided in the RAM 325.
  • The RAM 325 and/or the ROM 326 may be disposed outside the controller 32.
  • FIGS. 3A and 3B are diagrams showing an example of the storage state of each piece of data in the computer system according to the present embodiment.
  • FIG. 3A shows the storage state of each piece of data before the storage device 3 shifts to the low power state.
  • the storage device 3 includes security information SI 1 , secret key information KI, and power-on time information PI.
  • a buffer 25 of the host device 2 does not include these pieces of information.
  • the buffer 25 is a storage area implemented in, for example, the RAM 23 or the like. More specifically, the buffer 25 is a host memory buffer of the NVMe standard or the like as described above.
  • FIG. 3B shows the storage state of each piece of data after the storage device 3 shifts to the low power state.
  • the controller 32 performs encryption processing and tampering prevention processing on the security information SI 1 .
  • the security information SI 1 is converted into processed security information SI 2 .
  • the controller 32 transmits the processed security information from the RAM 325 to the host device 2 .
  • the host device 2 stores the processed security information SI 2 in the buffer 25 .
  • the controller 32 reads the processed security information SI 2 from the host device 2 and performs verification processing and decryption processing on the read processed security information SI 2 to restore the security information SI 1 to the RAM 325 .
  • FIG. 4 is a diagram showing an example of a shift operation to the low power state and a return operation from the low power state of the computer system according to the present embodiment.
  • the state ( 1 ) indicates the initial state of the host device 2 and the storage device 3 . It is assumed that the host device 2 and the storage device 3 are in a power-off state.
  • the state ( 2 ) indicates a state in which a password is entered and input to the storage device 3 .
  • the power of the host device 2 and the storage device 3 is turned on (power-on), and the host device 2 and the storage device 3 enter into a power-on state.
  • the user enters a password for accessing the storage device 3 to the storage device 3 via the host device 2 .
  • the state ( 3 ) indicates a state in which access to the storage device 3 is permitted.
  • the controller 32 of the storage device 3 compares the entered password with the password authentication key PK. When the two match, the controller 32 determines that the authentication of the user is successful and permits the user to access the storage device 3 .
  • Alternatively, challenge response authentication by the HMAC method or the like, in which message authentication codes are compared with each other, may be used.
  • Even in that case, the value of the entered plaintext password is necessary. Therefore, if the password is stored in the host as plaintext, there is a possibility that the password is leaked by analyzing the password flowing through the bus with a measuring device or the like as described above.
  • the state ( 4 ) indicates a state after the storage device 3 receives a request for shifting to the low power state from the host device 2 .
  • the storage device 3 generates processed security information SI 2 and transmits the information to the host device 2 .
  • the state ( 5 ) indicates the low power state of the storage device 3 .
  • the storage device 3 turns off all the power except the function necessary for returning to the normal state from the low power state upon receiving a return request from the host.
  • the state ( 6 ) indicates a state after the storage device 3 receives a request for returning to the normal state from the low power state from the host device 2 .
  • the storage device 3 receives the processed security information SI 2 from the host device 2 .
  • the state ( 7 ) indicates a normal state, before shifting to the low power state, to which the storage device returns.
  • the controller 32 restores the security information SI 1 by performing verification processing and decryption processing on the processed security information SI 2 received from the host device 2 .
  • FIG. 5 is a flowchart showing an example of shift processing to the low power state and return processing from the low power state in the computer system according to the present embodiment.
  • the processing in steps S 101 to S 104 corresponds to the state ( 4 ) in FIG. 4 .
  • the processing in step S 105 corresponds to the state ( 5 ) in FIG. 4 .
  • the processing in steps S 106 to S 112 corresponds to the state ( 6 ) in FIG. 4 .
  • step S 101 the CPU 22 of the host device 2 transmits a request for shifting to the low power state to the storage device 3 . More specifically, the CPU 22 issues, for example, a “Set Features” command of the NVMe standard. This command is a command for requesting the storage device 3 to set the “Power State” of “Power Management Feature” to be defined in the NVMe standard to the lowest power state.
  • the lowest power state is, for example, “Non-Operational Power State” of the NVMe standard and is a state in which I/O commands (read command, write command, and the like) may not be processed.
  • it is assumed that the “Power State” of the PCIe standard is in a state in which the power is not turned off (for example, D0 or the like).
  • the controller 32 of the storage device 3 receives the request.
  • the controller 32 waits for the completion of the I/O commands already issued from the host device 2 in order to shift to the low power state.
  • step S 102 after confirming that the I/O commands already issued from the host device 2 have completed, the controller 32 stops updating the power-on time information PI, and saves the power-on time information PI in a nonvolatile memory (ROM 326 and flash memory 34 ) or a retention SRAM, a retention FF, and the like (not shown) so that the counter value of the power-on time information PI is retained.
  • step S 103 the controller 32 performs encryption processing and tampering prevention processing on the security information of the storage device 3 to generate processed security information SI 2 .
  • the controller 32 transmits the generated processed security information SI 2 to the host device 2 . Details of the encryption processing and the tampering prevention processing will be described later with reference to FIGS. 6 and 7 .
  • step S 103 if there is any data to be saved in the host device 2 in addition to the processed security information SI 2 , such data is also transmitted to the host device 2 .
  • step S 104 the CPU 22 of the host device 2 stores the received processed security information SI 2 in the buffer 25 .
  • step S 105 the controller 32 turns off the power of the circuit in the storage device 3 . More specifically, the controller 32 turns off the power excluding the circuit necessary for executing the minimum functions (functions other than I/O commands such as access to PCI Configuration Space or NVMe Admin Queue) defined in the NVMe standard, for example, via a power control circuit in the storage device 3 .
  • step S 106 the CPU 22 of the host device 2 transmits a request for returning to the normal state from the low power state to the storage device 3 . More specifically, the CPU 22 issues the “Set Features” command of the NVMe standard. This command is the same command as in step S 103 , but has different arguments, for example. This command is a command for requesting the storage device 3 to set “Power State” of “Power Management Feature” to be defined in the NVMe standard to the highest power state. The highest power state is, for example, a state in which I/O commands may be processed.
  • the timing at which the return request is transmitted is, for example, a case where the CPU 22 detects an access from the user to the storage device 3 .
  • step S 107 the controller 32 of the storage device 3 receives the return request from the host device 2 .
  • the storage device 3 thereby recognizes that it is returning to the normal state from the low power state, and the power of the circuit in the storage device 3 is turned on.
  • step S 108 the controller 32 reads the processed security information SI 2 from the buffer 25 of the host device 2 and executes verification processing and decryption processing on the read processed security information SI 2 . More specifically, when the verification is successful (that is, when it is determined that the read processed security information SI 2 has not been tampered with), the controller 32 restores the security information SI 1 from the processed security information SI 2 and stores the security information SI 1 in the RAM 325 . Details of the verification processing and the decryption processing will be described later with reference to FIGS. 8 and 9 .
  • step S 109 the controller 32 resumes updating the power-on time information PI. In this way, the storage device 3 is returned to the normal state from the low power state.
  • FIGS. 6 and 7 correspond to step S 103 in FIG. 5 .
  • FIG. 6 is a flowchart showing an example of encryption processing and tampering prevention processing of security information according to the present embodiment.
  • FIG. 7 is a conceptual diagram of encryption processing and tampering prevention processing of security information according to the present embodiment.
  • step S 201 the controller 32 of the storage device 3 identifies and acquires the security information SI 1 to be saved to the host device 2 .
  • step S 202 the controller 32 generates a pseudo random number by a predetermined algorithm.
  • the predetermined algorithm is, for example, Hash_DRBG-SHA256 or the like.
  • the data size of the pseudo random number is, for example, 128 bits.
  • step S 203 the controller 32 sets plaintext data by concatenating the security information SI 1 and the power-on time information PI. Then, the controller 32 encrypts the plaintext data with a predetermined encryption algorithm by using the first secret key SK 1 stored in the ROM 326 and the pseudo random number generated in step S 202 . By this encryption processing, ciphertext data is generated.
  • the predetermined encryption algorithm is, for example, the AES-CBC algorithm.
  • step S 204 the controller 32 performs tampering prevention processing on the ciphertext data generated in step S 203 . More specifically, the controller 32 generates message data linking the ciphertext data generated in step S 203 and the pseudo random number. Then, the controller 32 generates a message authentication code (MAC value) for the message data by the predetermined algorithm by using the second secret key SK 2 stored in the ROM 326 .
  • the predetermined algorithm is, for example, HMAC-SHA256 or the like.
  • step S 205 the controller 32 sets as processed security information SI 2 the data obtained by appending the message authentication code to the message data (including ciphertext data and pseudo random number) and transmits the processed security information SI 2 to the host device 2 .
  • the host device 2 stores the received processed security information SI 2 in the buffer 25 .
  • the controller 32 verifies the message authentication code when the storage device 3 returns from the low power state and determines that the processed security information SI 2 has been tampered with when the message authentication code has changed.
  • FIGS. 8 and 9 correspond to step S 108 in FIG. 5 .
  • FIG. 8 is a flowchart showing an example of security information verification processing and decryption processing according to the present embodiment.
  • FIG. 9 is a conceptual diagram of security information verification processing and decryption processing according to the present embodiment.
  • step S 301 the controller 32 of the storage device 3 acquires ciphertext data, a pseudo random number, and a message authentication code from the processed security information SI 2 .
  • the controller 32 generates message data in which the ciphertext data and the pseudo-random number are concatenated.
  • step S 302 the controller 32 reads out the second secret key SK 2 stored in the ROM 326 . Then, the controller 32 generates a message authentication code (MAC value) for the message data by the same processing as in step S 204 by using the second secret key SK 2 .
  • step S 303 the controller 32 compares the message authentication code generated in step S 302 with the message authentication code acquired in step S 301 .
  • When the two message authentication codes do not match, the processing proceeds to step S 307 . When the two match, the processing proceeds to step S 304 .
  • step S 307 the controller 32 executes error processing. More specifically, the controller 32 sets the storage device 3 to, for example, “Persistent Internal Error”. After the error processing, the storage device 3 enters into a state in which the storage device 3 may not be restored until the storage device 3 is reset, for example.
  • step S 304 the controller 32 reads out the first secret key SK 1 stored in the ROM 326 . Then, the controller 32 decrypts the ciphertext data by the same algorithm as in step S 204 by using the first secret key SK 1 and the pseudo random number acquired in step S 301 . Plaintext data is generated by this decryption processing.
  • step S 305 the controller 32 confirms whether or not the power-on time information included in the plaintext data generated in step S 304 matches the power-on time information PI stored in the storage device 3 .
  • When the power-on time information included in the plaintext data generated in step S 304 and the power-on time information PI stored in the storage device 3 do not match, the controller 32 executes the above-described error processing in step S 307 . On the other hand, when the two match, the processing proceeds to step S 306 .
  • step S 306 the controller 32 acquires the security information SI 1 from the plaintext data generated in step S 304 and stores the information in the RAM 325 .
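The sealing sequence of steps S 201 to S 205 and the verification sequence of steps S 301 to S 306 above are shown together in the following Go program. This is an added example written for this page, not code from the patent or from its assignee; the second embodiment's steps S 403 and S 410 use the same processing, so it applies there as well. The algorithms and sizes are the ones the page names (AES-CBC with a 256-bit SK 1 and a 128-bit random, HMAC-SHA256 with a 256-bit SK 2), but the exact byte layout of SI 2, the 8-byte big-endian encoding of PI, the PKCS#7 padding, the use of Go's crypto/rand in place of Hash_DRBG-SHA256, and the key and SI 1 values are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed layout of SI2: ciphertext || random (16 bytes, also the CBC IV) || HMAC-SHA256 tag.
const (
	randLen = 16          // 128-bit pseudo random number (step S202)
	tagLen  = sha256.Size // HMAC-SHA256 output (step S204)
	piLen   = 8           // PI encoded as 8-byte big-endian (assumption)
)

// Both failures lead to the error processing of step S307; they are kept distinct
// here so the caller can see which check rejected the data.
var (
	ErrTampered = errors.New("SI2 MAC verification failed (step S303)")
	ErrReplay   = errors.New("power-on time mismatch, possible replay (step S305)")
)

// SealSecurityInfo: plaintext = SI1 || PI, AES-CBC under SK1 with a fresh random,
// then HMAC-SHA256 under SK2 over ciphertext || random (encrypt-then-MAC).
func SealSecurityInfo(sk1, sk2, si1 []byte, powerOnHours uint64) ([]byte, error) {
	if len(sk1) != 32 || len(sk2) != 32 {
		return nil, errors.New("SK1 and SK2 must be 256-bit keys")
	}
	var pi [piLen]byte
	binary.BigEndian.PutUint64(pi[:], powerOnHours)
	plain := pkcs7Pad(append(append([]byte{}, si1...), pi[:]...), aes.BlockSize)
	rnd := make([]byte, randLen)
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sk1)
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, rnd).CryptBlocks(ct, plain) // step S203
	msg := append(ct, rnd...)                                  // message data of step S204
	mac := hmac.New(sha256.New, sk2)
	mac.Write(msg)
	return mac.Sum(msg), nil // SI2 = message || MAC (step S205)
}

// OpenSecurityInfo: recompute the MAC and compare in constant time, decrypt, then
// check that the PI inside the plaintext equals the PI the device retained.
func OpenSecurityInfo(sk1, sk2, si2 []byte, retainedPowerOnHours uint64) ([]byte, error) {
	if len(si2) < aes.BlockSize+randLen+tagLen {
		return nil, ErrTampered
	}
	msg, tag := si2[:len(si2)-tagLen], si2[len(si2)-tagLen:]
	mac := hmac.New(sha256.New, sk2)
	mac.Write(msg)
	if !hmac.Equal(mac.Sum(nil), tag) { // step S303: MAC changed, data was modified
		return nil, ErrTampered
	}
	ct, rnd := msg[:len(msg)-randLen], msg[len(msg)-randLen:]
	block, err := aes.NewCipher(sk1)
	if err != nil || len(ct)%aes.BlockSize != 0 {
		return nil, ErrTampered
	}
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, rnd).CryptBlocks(plain, ct) // step S304
	if plain, err = pkcs7Unpad(plain, aes.BlockSize); err != nil || len(plain) < piLen {
		return nil, ErrTampered
	}
	if binary.BigEndian.Uint64(plain[len(plain)-piLen:]) != retainedPowerOnHours {
		return nil, ErrReplay // step S305: SI2 from an earlier low power cycle
	}
	return plain[:len(plain)-piLen], nil // step S306: SI1 recovered
}

func pkcs7Pad(b []byte, n int) []byte {
	p := n - len(b)%n
	return append(b, bytes.Repeat([]byte{byte(p)}, p)...)
}

func pkcs7Unpad(b []byte, n int) ([]byte, error) {
	if len(b) == 0 || len(b)%n != 0 {
		return nil, errors.New("bad length")
	}
	p := int(b[len(b)-1])
	if p == 0 || p > n || !bytes.Equal(b[len(b)-p:], bytes.Repeat([]byte{byte(p)}, p)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-p], nil
}

func main() {
	// Constructed sample values standing in for the ROM 326 keys and for SI1.
	sk1, sk2 := bytes.Repeat([]byte{0x11}, 32), bytes.Repeat([]byte{0x22}, 32)
	si1 := []byte("unlocked=1;PK=constructed-sample-key")
	si2, _ := SealSecurityInfo(sk1, sk2, si1, 1234) // shift to low power at PI=1234
	got, err := OpenSecurityInfo(sk1, sk2, si2, 1234)
	fmt.Printf("same PI: %q err=%v\n", got, err)
	_, err = OpenSecurityInfo(sk1, sk2, si2, 1235) // stale SI2 presented after PI advanced
	fmt.Println("stale PI:", err)
	bad := append([]byte(nil), si2...)
	bad[0] ^= 0x01 // one ciphertext bit altered in the host buffer
	_, err = OpenSecurityInfo(sk1, sk2, bad, 1234)
	fmt.Println("modified SI2:", err)
}
```

Two properties of the page's design are visible in the code: the MAC is checked before any decryption, so a modified SI 2 is rejected without the padding or plaintext ever being examined, and the PI bound inside the ciphertext is what rejects an SI 2 that was valid during an earlier low power cycle, because the device's own PI has advanced since then.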
  • When a request for shifting to the low power state is received from the host device 2 , the controller 32 of the storage device 3 performs encryption processing and tampering prevention processing on the security information SI 1 to generate processed security information SI 2 .
  • the controller 32 saves the processed security information SI 2 to the buffer 25 of the host device 2 . In this way, in the low power state of the storage device 3 , the confidentiality and integrity of the security information SI 1 may be maintained.
  • By saving the security information SI 1 in the buffer 25 of the host device 2 as processed security information SI 2 , the standby power of the storage device 3 may be reduced as compared with the case where the security information SI 1 is held in the retention SRAM, the retention FF, and the like in the storage device 3 .
  • Since the security information SI 1 is saved to the host device 2 and therefore is not required to be held in the nonvolatile memory (flash memory 34 , ROM 326 , and the like) in the storage device 3 , it is possible to reduce the number of times data is written to the nonvolatile memory. That is, it is possible to prevent the nonvolatile memory from wearing out every time the storage device 3 shifts to the low power state.
  • the security information SI 1 is encrypted and saved to the host device 2 , thereby preventing leakage of the password authentication key PK and the like. More specifically, even when the host device 2 is stolen by a third party and the third party attempts to analyze the password flowing through the buses of the host device 2 and the storage device 3 by, for example, a logic analyzer, the password cannot be parsed because the password is encrypted.
  • In addition, the power-on time information PI is included in the encrypted data. In this way, for example, even if a third party who has stolen the storage device 3 succeeds in unlocking it once, the information necessary for unlocking it again is different. That is, information for unlocking may not be obtained merely by analyzing data flowing through the buses of, for example, the host device 2 and the storage device 3 . Consequently, the confidentiality of the storage device 3 increases, and it is possible to prevent a replay attack by the third party.
  • the storage device 3 according to the present embodiment is particularly suitable for products, such as BGA-SSDs and DRAM-less SSDs, that have strict limitations on standby power and on the amount of memory such as DRAM.
  • the security information SI 1 may be encrypted by another common key encryption method using the first secret key SK 1 .
  • Other encryption methods are, for example, AES-CTR (counter mode), RSA method, and the like.
  • the security information SI 1 may be subjected to tampering prevention processing by another method using the second secret key SK 2 .
  • Other tampering prevention processing includes, for example, using the HMAC method with other hash functions, and verifying a signature attached to the ciphertext data by using public key cryptography.
  • Instead of the power-on time information PI used in the present embodiment, other information that varies with time may be used. For example, a random number whose value changes with time may be used.
  • In addition, information based on the serial number, model number, and the like of the storage device 3 may be used.
  • step S 103 the controller 32 of the storage device 3 does not have to transmit all of the processed security information SI 2 subjected to the encryption processing and the tampering prevention processing to the host device 2 .
  • the controller 32 may transmit only the message authentication code (MAC value) to the host device 2 and save the processed security information SI 2 other than the message authentication code in the nonvolatile memory (for example, flash memory 34 , ROM 326 , and the like) in the storage device 3 .
  • step S 108 when returning from the low power state, the controller 32 verifies the tampering prevention by comparing the message authentication code received from the host device 2 with the message authentication code generated from the processed security information SI 2 stored in the storage device 3 . In this case, since the amount of data transmitted from the storage device 3 to the host device 2 is reduced, the effect of preventing leakage of plaintext data is further enhanced.
  • the host device 2 issues a “Set Features” command of the NVMe standard to the storage device 3 .
  • the power of the storage device 3 is not completely turned off.
  • Hereinafter, a case will be described in which, when the storage device 3 shifts to the low power state, the power of the storage device 3 is completely turned off by using a unique command not defined in the NVMe standard (hereinafter, referred to as a vendor specific command).
  • the vendor specific command is, for example, a command defined by a manufacturer or the like of the storage device 3 .
  • When the power of the storage device 3 is completely turned off, the host memory buffer (Host Memory Buffer) of the host device 2 is also released. That is, the present embodiment targets a storage device 3 that does not support the host memory buffer.
  • FIG. 10 is a flowchart showing an example of shift processing to the low power state and return processing from the low power state in the computer system according to the present embodiment.
  • the buffer 25 of the host device 2 is not a host memory buffer of the NVMe standard.
  • the configuration of the computer system 1 other than this is the same as in the first embodiment.
  • FIG. 10 corresponds to the processing of FIG. 5 .
  • the description of the same processing as that in FIG. 5 will be omitted.
  • step S 401 the CPU 22 of the host device 2 issues a command (in particular, a vendor specific command) for turning off the power of the storage device 3 .
  • the host device 2 waits for the completion of the I/O commands to the storage device 3 in accordance with the shutdown sequence defined in the NVMe standard, for example, and deletes the I/O queue.
  • step S 402 after confirming that the I/O commands to the storage device 3 have completed in accordance with the shutdown sequence defined in the NVMe standard, the controller 32 of the storage device 3 stops updating the power-on time information PI.
  • the value of the power-on time information PI at the time of stopping is recorded, for example, in a nonvolatile state in the flash memory 34 . Since the processing of step S 402 is similar to the processing of step S 102 , the description thereof is omitted.
  • step S 403 the controller 32 performs encryption processing and tampering prevention processing on the security information of the storage device 3 to generate processed security information SI 2 .
  • the controller 32 transmits the generated processed security information SI 2 to the host device 2 as a response to the vendor specific command.
  • the contents of the encryption processing and the tampering prevention processing are the same as those in step S 103 .
  • step S 404 the CPU 22 of the host device 2 stores the processed security information SI 2 in the buffer 25 .
  • step S 405 the CPU 22 issues a shutdown notification defined in the NVMe standard, for example, to the storage device 3 .
  • the CPU 22 shifts the “Power State” of the PCIe standard to a power-off state (D 3 ).
  • step S 406 the power of the storage device 3 is turned off, that is, the standby power becomes zero.
  • step S 407 the CPU 22 of the host device 2 causes the storage device 3 to execute wakeup processing.
  • This wakeup processing is, for example, initialization processing defined by the PCIe standard and/or the NVMe standard.
  • step S 408 the power of the storage device 3 is turned on, and when the wakeup processing is completed, the storage device 3 enters normal state.
  • the storage device 3 does not distinguish between cold boot and the return from the low power state.
  • When the power is turned on again, the controller 32 holds the counter value of the power-on time information PI as it was before counting resumed in the RAM 325 , the flash memory 34 , or the like, separately from the resumed counter value.
  • step S 409 the CPU 22 of the host device 2 issues a command (in particular, a vendor specific command) for restoring the security information SI 1 of the storage device 3 .
  • the CPU 22 transmits the processed security information SI 2 stored in the buffer 25 to the storage device 3 together with issuance of the command.
  • step S 410 the controller 32 of the storage device 3 recognizes that the storage device 3 is returning from the low power state by receiving the processed security information SI 2 .
  • the controller 32 executes verification processing and decryption processing on the processed security information SI 2 .
  • the contents of the verification processing and the decryption processing are the same as those in step S 108 .
  • As the counter value of the power-on time information PI used for the verification processing, the value held in step S 408 is used.
  • step S 411 the controller 32 returns the counter value of the power-on time information PI to the value held in step S 408 (that is, the value at the time of turning on the power). In this way, the storage device 3 is returned from the low power state.
  • When shifting the storage device 3 to the low power state, the host device 2 causes the power of the storage device 3 to be completely turned off by using the vendor specific command. In this way, in the low power state, the computer system 1 according to the second embodiment has lower power consumption than the computer system 1 according to the first embodiment.

Abstract

A storage device includes a controller configured to control the storage device, and a storage area for security information, the security information including flag information indicating whether reading or writing of data from/to the storage device is permitted and time information indicating a cumulative time value during which power of the storage device has been turned on. When a first command is received from a host device, the controller generates encrypted data by encrypting data obtained by combining the time information and the security information, and after transmitting the encrypted data to the host device, shifts the storage device to a low power state.

Description

CROSS-REFERENCE TO RELATED APPLICATION
This application is based upon and claims the benefit of priority from Japanese Patent Application No. 2018-154777, filed Aug. 21, 2018, the entire contents of which are incorporated herein by reference.
FIELD
Embodiments described herein relate generally to a storage device and a program.
BACKGROUND
In recent years, a self-encrypting drive (SED) which is a storage device having a data encryption function has been used. The self-encrypting drive has a built-in secret key, and the safety and confidentiality of the drive are secured by prohibiting reading of this secret key from the outside.
The self-encrypting drive has an authentication function and is unlocked, for example, by a password entered via a host device. After being unlocked, the self-encrypting drive permits reading and writing by the host device, and then enters in a locked state again as the power of the drive is turned off.
DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram showing an example of a configuration of a storage device according to a first embodiment and a computer system including the storage device.
FIG. 2 is a block diagram showing an example of a configuration of a controller of the storage device according to the first embodiment.
FIGS. 3A and 3B are diagrams showing an example of a storage state of each data in the computer system according to the first embodiment.
FIG. 4 is a diagram showing an example of a shift operation to a low power state and a return operation from the low power state of the computer system according to the first embodiment.
FIG. 5 is a flowchart showing an example of shift processing to the low power state and return processing from the low power state in the computer system according to the first embodiment.
FIG. 6 is a flowchart showing an example of encryption processing and tampering prevention processing of security information according to the first embodiment.
FIG. 7 is a conceptual diagram of the encryption processing and the tampering prevention processing of the security information according to the first embodiment.
FIG. 8 is a flowchart showing an example of verification processing and decryption processing of the security information according to the first embodiment.
FIG. 9 is a conceptual diagram of the verification processing and the decryption processing of the security information according to the first embodiment.
FIG. 10 is a flowchart showing an example of shift processing to a low power state and return processing from the low power state in a computer system according to a second embodiment.
DETAILED DESCRIPTION
Embodiments provide a storage device and a program for safely returning the storage device to an unlocked state while lowering standby power.
In general, according to one embodiment, a storage device includes a controller configured to control the storage device, and a storage area for security information, the security information including flag information indicating whether reading or writing of data from/to the storage device is permitted and time information indicating a cumulative time value during which power of the storage device has been turned on. When a first command is received from a host device, the controller generates encrypted data by encrypting data obtained by combining the time information and the security information, and after transmitting the encrypted data to the host device, shifts the storage device to a low power state.
For example, when an access frequency decreases, generally, a storage device is controlled to shift from a normal state to a low power state to save power consumption. In a self-encrypting drive, it is preferable to return from the low power state to the normal state without requiring a re-entry of a password. Further, when the power of the self-encrypting drive is turned off due to battery exhaustion, theft, and the like, it is possible to prevent leakage of data stored in the drive by causing the storage device to enter into the locked state again.
As a method of achieving the low power state, for example, a method of holding a part of the internal state of the self-encrypting drive in a storage circuit with extremely small standby power, such as retention static random access memory (SRAM), retention flip flop (FF), or the like, is conceivable. When returning from the low power state, the contents held in the storage circuit are written back to a normal storage area. Here, when an unintended power failure occurs, safety of the drive is guaranteed by relocking the drive and erasing the contents of the retention SRAM and retention FF. However, when this method is used, since power supply is necessary for the storage circuit, a small amount of standby power is still required.
As another method for achieving the low power state, for example, a method of storing a part of the above state in a nonvolatile memory such as a NAND flash memory and then completely turning off the power of the drive is conceivable. In this method, standby power of the drive is zero. However, if whether the drive is returning from the low power state or is in a cold boot is distinguished when the power is turned on, for example, by an external input signal, there is a possibility that data stored in the drive will be stolen. Specifically, by disconnecting a drive in the low power state from a certain system, connecting the drive to another system, and then turning on the power of the drive as if the drive were returning from the low power state, an attack may be possible which wakes up the drive in the unlocked state. In addition, frequent writing to the nonvolatile memory leads to wearing out of the nonvolatile memory.
In addition, as another method for achieving the low power state, a method of turning off the power of the self-encrypting drive in a state in which an unencrypted password (that is, plaintext) is stored in a secure area of the host device is conceivable. Thereafter, the power of the drive is turned on, the drive recovers from the low power state, and the password is read from the host device. In this method, standby power of the drive is zero. However, when the host device is stolen together with the drive, for example, the password is leaked by reading the password flowing through a bus interface (for example, serial ATA (SATA), peripheral component interconnect (PCI), dual inline memory module (DIMM), and the like) with a measuring device or the like. This also applies to the case where the internal state of the drive, instead of the password, is stored in the host device.
In each of the embodiments described below, when transitioning the storage device, which is a self-encrypting drive, to the low power (or power-off) state, the storage device is capable of safely saving a secret key used for encrypting data stored in a storage device and/or confidential information such as the locked state of the storage device in an area that is not necessarily secure such as a predetermined buffer of a host device.
Specifically, the storage device performs encryption processing and tampering prevention processing on confidential information stored in the storage device and saves the processed data to the host device. At this time, the information indicating power-on time is saved to a nonvolatile memory or the like in the storage device, for example. When restoring the data, the storage device verifies the authenticity of the data using the information indicating the power-on time. In this way, confidential information of the storage device may be safely saved and restored to the host device, and replay attack may be prevented.
Hereinafter, each embodiment will be described with reference to the drawings. In the following description, substantially the same functions and elements are denoted by the same reference numerals and described as necessary.
First Embodiment
The computer system according to the present embodiment includes a storage device connected to a host device through an interface of the PCIe (PCI Express) standard and supporting a host memory buffer of the NVMe standard. Supporting the host memory buffer means that a part of the DRAM of the host device is used as a buffer of the storage device. In addition, the storage device realizes the low power state within the behavior defined by the NVMe standard.
FIG. 1 is a block diagram showing an example of a configuration of a storage device according to the present embodiment and a computer system 1 including the storage device.
The computer system 1 includes a host device 2 and a storage device 3.
The host device 2 is an information processing device such as a personal computer (PC), a smartphone, or the like.
The host device 2 includes a connector interface (I/F) 21, a central processing unit (CPU) 22, a random access memory (RAM) 23, and a read only memory (ROM) 24. The connector interface 21, the RAM 23, and the ROM 24 are electrically connected to the CPU 22, respectively.
The connector interface 21 performs interface processing between the host device 2 and the storage device 3. More specifically, the connector interface 21 transmits and receives commands, addresses, data, information, signals, and the like to and from the storage device 3 via the connector interface 31 of the storage device 3 to be described later. The connector interface 21 is, for example, an interface of the PCIe standard.
The CPU 22 is a processor that controls the operation of the host device 2. The CPU 22 is controlled by, for example, a control program stored in the ROM 24.
The CPU 22 transmits commands and the like for controlling the storage device 3 to the storage device 3 via the connector interface 21. In addition, the CPU 22 stores the data and the like received from the storage device 3 via the connector interface 21 in the RAM 23, the ROM 24, or the like.
The RAM 23 is used as a work area of the CPU 22, and a control program and various data necessary for executing the control program are stored therein. The RAM 23 may be used as, for example, a cache memory for temporarily storing data. The RAM 23 is a volatile memory such as static random-access memory (SRAM) or dynamic random-access memory (DRAM), for example.
The ROM 24 is a nonvolatile memory that stores software such as a control program used by the CPU 22 or firmware.
The CPU 22 may be configured as a system on chip (SoC). In a case where the CPU 22 is an SoC, the RAM 23 and/or the ROM 24 may be provided in the CPU 22.
The storage device 3 is a storage device such as a solid state drive (SSD), for example. The storage device 3 may be a hard disk drive (HDD) or the like.
The storage device 3 includes a connector interface (I/F) 31, a controller 32, a RAM 33, a flash memory 34, and the like. The connector interface 31, the RAM 33, and the flash memory 34 are electrically connected to the controller 32, respectively.
Like the connector interface 21, the connector interface 31 performs interface processing between the storage device 3 and the host device 2. The connector interface 31 may be provided in the controller 32.
The controller 32 is an SoC that controls the operation of the entire storage device 3. When the storage device 3 shifts to the low power state, the controller 32 performs encryption processing and tampering prevention processing on predetermined data (e.g., security information to be described later) in the storage device 3. The controller 32 transmits the security information subjected to these kinds of processing to the host device 2. In addition, when the storage device 3 returns from the low power state, the controller 32 reads the security information from the host device 2 and performs verification processing and decryption processing on the read security information.
Details of the configuration of the controller 32 will be described later with reference to FIG. 2. In addition, details of the processing executed by the controller 32 will be described later with reference to FIGS. 3A and 3B.
The RAM 33 is used as a work area of the controller 32. The RAM 33 also may be used as, for example, a cache memory for temporarily storing data. Like the RAM 23, the RAM 33 is a volatile memory such as SRAM, DRAM, or the like.
The flash memory 34 is a nonvolatile memory constituting a storage area of the storage device 3. The flash memory 34 is, for example, a NAND-type flash memory, but may be another nonvolatile semiconductor memory such as a NOR-type flash memory, magnetoresistive random access memory (MRAM), phase change random access memory (PRAM), resistive random-access memory (ReRAM), ferroelectric random-access memory (FeRAM) or the like. For example, the flash memory 34 may be another nonvolatile memory, a magnetic memory, or the like. For example, the flash memory 34 may be a three-dimensional memory. The above-described ROM 24 is, for example, the same type of memory as the flash memory 34.
FIG. 2 is a block diagram showing an example of the configuration of the controller of the storage device according to the present embodiment.
The controller 32 includes an interface (I/F) 321, a CPU 322, a RAM controller 323, a flash memory controller 324, a RAM 325, a ROM 326, and the like, which are connected by a system bus.
The interface 321 performs interface processing for access to the controller 32. The interface 321 is, for example, an interface of the PCIe standard or the like.
The CPU 322 is a processor that controls the operation of the controller 32. Like the CPU 22 of the host device 2, the CPU 322 is controlled by a predetermined control program or the like.
The RAM controller 323 is a controller for controlling the above-described RAM 33. In addition, the flash memory controller 324 is a controller for controlling the above-described flash memory 34.
The RAM 325 is a volatile memory constituting a storage area inside the controller 32. The RAM 325 stores, for example, a data encryption key DK, a read lock flag F1, a write lock flag F2, a password authentication key PK, power-on time information PI, and the like.
The data encryption key DK is key information for encrypting the data stored in the flash memory 34. When storing data in the flash memory 34, the controller 32 encrypts the data by using the data encryption key DK. For the data encryption key DK, for example, Advanced Encryption Standard (AES) in XTS mode or the like is used. The size of the data encryption key is, for example, 512 bits.
The read lock flag F1 and the write lock flag F2 are flag information indicating permission/rejection status for accessing the storage device 3.
The read lock flag F1 is a flag for managing whether or not the storage device 3 is in a read-disabled state. When the storage device 3 is in a read-disabled state, the controller 32 refuses to read the data stored in the flash memory 34 of the storage device 3. For example, when the read lock flag F1 is on, the storage device 3 enters into a read-disabled state, and when the read lock flag F1 is off, the storage device 3 enters into a read-enabled state.
The write lock flag F2 is a flag for managing whether or not the storage device 3 is in a write-disabled state. When the storage device 3 is in a write-disabled state, the controller 32 refuses to write data to the flash memory 34 of the storage device 3. For example, when the write lock flag F2 is on, the storage device 3 enters into a write-disabled state, and when the write lock flag F2 is off, the storage device 3 enters into a write-enabled state.
The data sizes of the read lock flag F1 and the write lock flag F2 are, for example, 1 bit.
The password authentication key PK is data representing a password for allowing a user to access the storage device 3 via the host device 2, for example. When accessing the storage device 3, the user enters a predetermined password to the storage device 3 via the host device 2. The host device 2 transmits the entered password to the storage device 3. The controller 32 compares the password received from the host device 2 with the password authentication key PK, and when the two match, it is determined that the authentication of the user is successful and the access of the user to the storage device 3 is permitted.
It is preferable that the password authentication key PK includes a plurality of pieces of password information corresponding to a plurality of users. The data size of the password authentication key PK is, for example, 256 bits for each user.
The data encryption key DK, the read lock flag F1, the write lock flag F2, the password authentication key PK and the like described above are saved to the host device 2 when the storage device 3 shifts to a low power state. Hereinafter, these data to be saved to the host device 2 are collectively referred to as security information SI1.
The data encryption key DK and password authentication key PK may optionally be included in the security information SI1. That is, the security information SI1 includes at least the read lock flag F1 and the write lock flag F2. When the storage device 3 shifts to the low power state, the controller 32 may save the data encryption key DK and the password authentication key PK to, for example, the ROM 326 or the flash memory 34.
In addition, the security information SI1 may further include various kinds of intermediate security information generated when unlocking the storage device 3 by password entered from the user, or other information.
The power-on time information PI is information representing the cumulative time value during which the power of the storage device 3 has been turned on from product shipment to the present. The power-on time information PI is, for example, a value of a counter indicating the elapse of a unit time, and a value is added every time the unit time elapses. The unit time is preferably about 1 millisecond or less, for example.
In the power-on time information PI, addition of values is stopped after the power of the storage device 3 is turned off, and addition of the values is started again after the power is turned on again. For this reason, the power-on time information PI is stored in the ROM 326, the flash memory 34, or the like in a non-volatilized manner when the power is turned off. The power-on time information PI may be stored in the RAM 33 while the power is turned on.
Generally, in the solid state drive (SSD), the power-on time information PI is stored in the SSD as a part of the management information. For example, in the NVMe standard, this management information is SMART information that may be acquired by a “Get Log Page” command. The power-on time information PI is a value represented by the item “Power On Hours” in this SMART information.
The ROM 326 is a nonvolatile memory constituting a storage area inside the controller 32. The ROM 326 stores, for example, secret key information KI. The secret key information KI includes, for example, a first secret key SK1, a second secret key SK2, and the like.
The first secret key SK1 is a fixed secret key for encrypting the security information SI1. More specifically, the first secret key SK1 is key information used when the security information SI1 is encrypted and decrypted by AES, for example. The data size of the first secret key SK1 is, for example, 256 bits.
The second secret key SK2 is key information used when applying the tampering prevention processing to the security information SI1. More specifically, the second secret key SK2 is key information used for calculating a unique value (message authentication code) for the security information SI1, for example, by the hash-based message authentication code (HMAC) method. In the case of the HMAC method, the message authentication code is an output value of a cryptographic hash function. In addition, the data size of the second secret key SK2 is, for example, 256 bits.
The RAM 33 may be provided in the RAM 325. In addition, the RAM 325 and/or the ROM 326 may be disposed outside the controller 32.
FIGS. 3A and 3B are diagrams showing an example of the storage state of each piece of data in the computer system according to the present embodiment.
First, FIG. 3A shows the storage state of each piece of data before the storage device 3 shifts to the low power state. As described above, the storage device 3 includes security information SI1, secret key information KI, and power-on time information PI. In addition, a buffer 25 of the host device 2 does not include these pieces of information. The buffer 25 is a storage area implemented in, for example, the RAM 23 or the like. More specifically, the buffer 25 is a host memory buffer of the NVMe standard or the like as described above.
Next, FIG. 3B shows the storage state of each piece of data after the storage device 3 shifts to the low power state. When the storage device 3 shifts to the low power state, the controller 32 performs encryption processing and tampering prevention processing on the security information SI1. In this way, the security information SI1 is converted into processed security information SI2. Further, the controller 32 transmits the processed security information from the RAM 325 to the host device 2. The host device 2 stores the processed security information SI2 in the buffer 25.
In addition, when the storage device 3 returns from the low power state, the controller 32 reads the processed security information SI2 from the host device 2 and performs verification processing and decryption processing on the read processed security information SI2 to restore the security information SI1 to the RAM 325.
With reference to FIGS. 4 and 5, details of the processing of shifting the storage device 3 to the low power state and the processing of returning from the low power state of the storage device 3 will be described below.
FIG. 4 is a diagram showing an example of a shift operation to the low power state and a return operation from the low power state of the computer system according to the present embodiment.
The state (1) indicates the initial state of the host device 2 and the storage device 3. It is assumed that the host device 2 and the storage device 3 are in a power-off state.
The state (2) indicates a state in which a password is entered and input to the storage device 3. After the state (1), the power of the host device 2 and the storage device 3 is turned on (power-on), and the host device 2 and the storage device 3 enter into a power-on state. The user enters a password for accessing the storage device 3 to the storage device 3 via the host device 2.
The state (3) indicates a state in which access to the storage device 3 is permitted. After the state (2), the controller 32 of the storage device 3 compares the entered password with the password authentication key PK. When the two match, the controller 32 determines that the authentication of the user is successful and permits the user to access the storage device 3.
Instead of comparing the entered password with the password authentication key PK itself, for example, the challenge response authentication by the HMAC method or the like, in which the message authentication codes are compared with each other, may be used. Even in this case, in order to generate a message authentication code (MAC value), the value of the entered plaintext password is necessary. Therefore, if the password is stored in the host as a plaintext, there is a possibility that the password is leaked by analyzing the password flowing through the bus by the measuring device or the like as described above.
The state (4) indicates a state after the storage device 3 receives a request for shifting to the low power state from the host device 2. The storage device 3 generates processed security information SI2 and transmits the information to the host device 2.
The state (5) indicates the low power state of the storage device 3. In this low power state, the storage device 3 turns off all the power except the function necessary for returning to the normal state from the low power state upon receiving a return request from the host.
The state (6) indicates a state after the storage device 3 receives a request for returning to the normal state from the low power state from the host device 2. The storage device 3 receives the processed security information SI2 from the host device 2.
The state (7) indicates a normal state, before shifting to the low power state, to which the storage device returns. The controller 32 restores the security information SI1 by performing verification processing and decryption processing on the processed security information SI2 received from the host device 2.
FIG. 5 is a flowchart showing an example of shift processing to the low power state and return processing from the low power state in the computer system according to the present embodiment.
The processing in steps S101 to S104 corresponds to the state (4) in FIG. 4, the processing in step S105 corresponds to the state (5) in FIG. 4, and the processing in steps S106 to S112 corresponds to the state (6) in FIG. 4.
In step S101, the CPU 22 of the host device 2 transmits a request for shifting to the low power state to the storage device 3. More specifically, the CPU 22 issues, for example, a “Set Features” command of the NVMe standard. This command is a command for requesting the storage device 3 to set the “Power State” of the “Power Management Feature” defined in the NVMe standard to the lowest power state. The lowest power state is, for example, a “Non-Operational Power State” of the NVMe standard and is a state in which I/O commands (read command, write command, and the like) may not be processed. In the present embodiment, it is assumed that the “Power State” of the PCIe standard is a state in which the power is not turned off (for example, D0 or the like).
The controller 32 of the storage device 3 receives the request. The controller 32 waits for the completion of the I/O commands already issued from the host device 2 in order to shift to the low power state.
In step S102, after confirming that the I/O commands already issued from the host device 2 have completed, the controller 32 stops updating the power-on time information PI, and saves the power-on time information PI in a nonvolatile memory (ROM 326 and flash memory 34) or a retention SRAM, a retention FF, and the like (not shown) so that the counter value of the power-on time information PI is retained.
In step S103, the controller 32 performs encryption processing and tampering prevention processing on the security information of the storage device 3 to generate processed security information SI2. The controller 32 transmits the generated processed security information SI2 to the host device 2. Details of the encryption processing and the tampering prevention processing will be described later with reference to FIGS. 6 and 7.
In step S103, if there is any data to be saved in the host device 2 in addition to the processed security information SI2, such data is also transmitted to the host device 2.
In step S104, the CPU 22 of the host device 2 stores the received processed security information SI2 in the buffer 25.
In step S105, the controller 32 turns off the power of the circuit in the storage device 3. More specifically, the controller 32 turns off the power excluding the circuit necessary for executing the minimum functions (functions other than I/O commands such as access to PCI Configuration Space or NVMe Admin Queue) defined in the NVMe standard, for example, via a power control circuit in the storage device 3.
Thereafter, in step S106, the CPU 22 of the host device 2 transmits a request for returning to the normal state from the low power state to the storage device 3. More specifically, the CPU 22 issues the “Set Features” command of the NVMe standard. This command is the same command as in step S103, but has different arguments, for example. This command is a command for requesting the storage device 3 to set “Power State” of “Power Management Feature” to be defined in the NVMe standard to the highest power state. The highest power state is, for example, a state in which I/O commands may be processed.
The timing at which the return request is transmitted is, for example, a case where the CPU 22 detects an access from the user to the storage device 3.
In step S107, the controller 32 of the storage device 3 receives the return request from the host device 2. Here, since the storage device 3 may recognize that the storage device 3 is returning to the normal state from the low power state, power of the circuit in the storage device is turned on.
In step S108, the controller 32 reads the processed security information SI2 from the buffer 25 of the host device 2 and executes verification processing and decryption processing on the read processed security information SI2. More specifically, when the verification is successful (that is, when it is determined that the read processed security information SI2 has not been tampered with), the controller 32 restores the security information SI1 from the processed security information SI2 and stores the security information SI1 in the RAM 325. Details of the verification processing and the decryption processing will be described later with reference to FIGS. 8 and 9.
In step S109, the controller 32 resumes updating the power-on time information PI. In this way, the storage device 3 is returned to the normal state from the low power state.
The details of the encryption processing and tampering prevention processing of the security information SI1 will be described below with reference to FIGS. 6 and 7. The processing shown in FIGS. 6 and 7 corresponds to step S103 in FIG. 5.
FIG. 6 is a flowchart showing an example of encryption processing and tampering prevention processing of security information according to the present embodiment.
FIG. 7 is a conceptual diagram of encryption processing and tampering prevention processing of security information according to the present embodiment.
In step S201, the controller 32 of the storage device 3 identifies and acquires the security information SI1 to be saved to the host device 2.
In step S202, the controller 32 generates a pseudo random number by a predetermined algorithm. The predetermined algorithm is, for example, Hash_DRBG-SHA256 or the like. In addition, the data size of the pseudo random number is, for example, 128 bits.
In step S203, the controller 32 sets plaintext data by concatenating the security information SI1 and the power-on time information PI. Then, the controller 32 encrypts the plaintext data with a predetermined encryption algorithm by using the first secret key SK1 stored in the ROM 326 and the pseudo random number generated in step S202. By this encryption processing, ciphertext data is generated. The predetermined encryption algorithm is, for example, the AES-CBC algorithm.
In step S204, the controller 32 performs tampering prevention processing on the ciphertext data generated in step S203. More specifically, the controller 32 generates message data linking the ciphertext data generated in step S203 and the pseudo random number. Then, the controller 32 generates a message authentication code (MAC value) for the message data by the predetermined algorithm by using the second secret key SK2 stored in the ROM 326. The predetermined algorithm is, for example, HMAC-SHA256 or the like.
In step S205, the controller 32 sets as processed security information SI2 the data obtained by appending the message authentication code to the message data (including ciphertext data and pseudo random number) and transmits the processed security information SI2 to the host device 2. The host device 2 stores the received processed security information SI2 in the buffer 25.
The controller 32 verifies the message authentication code when the storage device 3 returns from the low power state and determines that the processed security information SI2 has been tampered with when the message authentication code has changed.
The verification processing and the decryption processing of the processed security information SI2 will be described in detail below with reference to FIGS. 8 and 9. The processing shown in FIGS. 8 and 9 corresponds to step S108 in FIG. 5.
FIG. 8 is a flowchart showing an example of security information verification processing and decryption processing according to the present embodiment.
FIG. 9 is a conceptual diagram of security information verification processing and decryption processing according to the present embodiment.
In step S301, the controller 32 of the storage device 3 acquires ciphertext data, a pseudo random number, and a message authentication code from the processed security information SI2. In addition, the controller 32 generates message data in which the ciphertext data and the pseudo-random number are concatenated.
In step S302, the controller 32 reads out the second secret key SK2 stored in the ROM 326. Then, the controller 32 generates a message authentication code (MAC value) for the message data by the same processing as in step S204 by using the second secret key SK2.
In step S303, the controller 32 compares the message authentication code generated in step S302 with the message authentication code acquired in step S301.
When the comparison result of both does not match, the controller 32 determines that the processed security information SI2 has been tampered with, and the processing proceeds to step S307. On the other hand, when the comparison result matches, the processing proceeds to step S304.
In step S307, the controller 32 executes error processing. More specifically, the controller 32 sets the storage device 3 to, for example, “Persistent Internal Error”. After the error processing, the storage device 3 enters into a state in which the storage device 3 may not be restored until the storage device 3 is reset, for example.
In step S304, the controller 32 reads out the first secret key SK1 stored in the ROM 326. Then, the controller 32 decrypts the ciphertext data by the same algorithm as in step S204 by using the first secret key SK1 and the pseudo random number acquired in step S301. Plaintext data is generated by this decryption processing.
In step S305, the controller 32 confirms whether or not the power-on time information included in the plaintext data generated in step S304 matches the power-on time information PI stored in the storage device 3.
When the power-on time information included in the plaintext data generated in step S304 and the power-on time information PI stored in the storage device 3 do not match, the controller 32 executes the above-described error processing in step S307. On the other hand, when the two match, the processing proceeds to step S306.
In step S306, the controller 32 acquires the security information SI1 from the plaintext data generated in step S304 and stores the information in the RAM 325.
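As an added illustration of steps S201 to S205 (encryption and tampering prevention) and S301 to S307 (verification and decryption) described above, the following Go model is not code from the patent or from any vendor's firmware. It assumes SI1 is handed over as already-serialized bytes, a 64-bit power-on counter PI, AES-256-CBC with the 128-bit pseudo random number as IV, PKCS#7 padding, and HMAC-SHA256 over ciphertext || nonce; the OS random source stands in for Hash_DRBG-SHA256.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Drive is the controller-side state: KI = {SK1, SK2} from ROM 326 and the
// power-on time counter PI, frozen in step S102 and retained across the
// low power state. The 32-byte key sizes follow the text (256 bits each).
type Drive struct {
	SK1 [32]byte // first secret key: AES-256-CBC over SI1 || PI (step S203)
	SK2 [32]byte // second secret key: HMAC-SHA256 over ciphertext || nonce (S204)
	PI  uint64   // power-on time counter; its 64-bit width is an assumption
}

const nonceLen = 16 // 128-bit pseudo random number (S202), also the CBC IV

// ErrPersistentInternal is the single outcome of step S307: every verification
// failure is reported the same way, so nothing about the cause leaks to the host.
var ErrPersistentInternal = errors.New("Persistent Internal Error")

// PKCS#7 padding so that SI1 || PI fills whole AES blocks for CBC mode.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 {
		return nil, ErrPersistentInternal
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) {
		return nil, ErrPersistentInternal
	}
	return b[:len(b)-n], nil
}

// Seal performs steps S201 to S205 on SI1 (passed as its serialized bytes)
// and returns SI2 = ciphertext || nonce || MAC.
func (d *Drive) Seal(si1 []byte) ([]byte, error) {
	nonce := make([]byte, nonceLen) // S202; the OS CSPRNG stands in for Hash_DRBG
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	var pi [8]byte
	binary.BigEndian.PutUint64(pi[:], d.PI)
	pt := pkcs7Pad(append(append([]byte{}, si1...), pi[:]...)) // S203: SI1 || PI
	block, err := aes.NewCipher(d.SK1[:])
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, nonce).CryptBlocks(ct, pt)
	msg := append(ct, nonce...) // S204: the MAC covers ciphertext and nonce
	mac := hmac.New(sha256.New, d.SK2[:])
	mac.Write(msg)
	return mac.Sum(msg), nil // S205: SI2 = message || MAC
}

// Restore performs steps S301 to S306; any failure is the step S307 error.
func (d *Drive) Restore(si2 []byte) ([]byte, error) {
	if len(si2) < aes.BlockSize+nonceLen+sha256.Size {
		return nil, ErrPersistentInternal
	}
	msg, tag := si2[:len(si2)-sha256.Size], si2[len(si2)-sha256.Size:] // S301
	ct, nonce := msg[:len(msg)-nonceLen], msg[len(msg)-nonceLen:]
	mac := hmac.New(sha256.New, d.SK2[:]) // S302: recompute the tag
	mac.Write(msg)
	// S303: constant-time compare. The MAC is checked before decryption, so
	// forged or bit-flipped ciphertext never reaches the CBC decryptor.
	if !hmac.Equal(mac.Sum(nil), tag) || len(ct)%aes.BlockSize != 0 {
		return nil, ErrPersistentInternal
	}
	block, err := aes.NewCipher(d.SK1[:]) // S304: decrypt with SK1 and the nonce
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, nonce).CryptBlocks(pt, ct)
	if pt, err = pkcs7Unpad(pt); err != nil || len(pt) < 8 {
		return nil, ErrPersistentInternal
	}
	// S305: the PI inside the plaintext must equal the counter the drive kept.
	// A SI2 captured during an earlier power cycle carries a stale PI and fails.
	if binary.BigEndian.Uint64(pt[len(pt)-8:]) != d.PI {
		return nil, ErrPersistentInternal
	}
	return pt[:len(pt)-8], nil // S306: SI1 goes back into RAM 325
}
```

Because the counter is the only replay defence, the drive must freeze and retain PI in step S102 and not resume it until S109, otherwise a legitimate SI2 would fail S305 on every wake-up.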
In the present embodiment described above, when a request for shifting to the low power state is received from the host device 2, the controller 32 of the storage device 3 performs encryption processing and tampering prevention processing on the security information SI1 to generate processed security information SI2. The controller 32 saves the processed security information SI2 to the buffer 25 of the host device 2. In this way, in the low power state of the storage device 3, the confidentiality and integrity of the security information SI1 may be maintained.
In other words, by performing the encryption processing and the tampering prevention processing on the highly confidential security information SI1, it is possible to save the data in the buffer 25 of the host device 2 with low security.
When the storage device 3 returns from the low power state, it is possible to detect tampered data by verifying the validity of the processed security information SI2. In addition, during this verification processing, it is possible to prevent a replay attack by confirming that the counter value of the power-on time information PI is correct.
In addition, the standby power of the storage device 3 may be reduced as compared with the case where the security information SI1 is held in the retention SRAM, the retention FF, and the like in the storage device 3, for example, by saving the security information SI1 in the buffer 25 of the host device 2 as processed security information SI2.
Similarly, since the security information SI1 is not required to be held in the nonvolatile memory (flash memory 34, ROM 326, and the like) in the storage device 3 by being saved to the host device 2, it is possible to reduce the number of times of writing data in the nonvolatile memory. That is, it is possible to prevent wearing out of the nonvolatile memory every time the storage device 3 shifts to the low power state.
In the present embodiment, the security information SI1 is encrypted and saved to the host device 2, thereby preventing leakage of the password authentication key PK and the like. More specifically, even when the host device 2 is stolen by a third party and the third party attempts to analyze the password flowing through the buses of the host device 2 and the storage device 3 by, for example, a logic analyzer, the password cannot be parsed because the password is encrypted.
In addition, during the encryption processing of the security information SI1, the power-on time information PI is used. In this way, for example, even if a third party who has stolen the storage device 3 succeeds in unlocking it once, the information necessary for unlocking it again is different. That is, information for unlocking may not be obtained merely by analyzing data flowing through the buses of, for example, the host device 2 and the storage device 3 by a third party. Consequently, as the confidentiality of the storage device 3 increases, it is possible to prevent a replay attack by the third party.
In the present embodiment, when the storage device 3 returns from the low power state, it is unnecessary to unlock the drive again, thereby improving the convenience for the user.
The storage device 3 according to the present embodiment is particularly suitable for products that have strict limitations on standby power and amount of memory such as DRAM like BGA-SSD and DRAM-less SSD.
The security information SI1 may be encrypted by another common key encryption method using the first secret key SK1. Other encryption methods are, for example, AES-CTR (counter mode), RSA method, and the like.
In addition, the security information SI1 may be subjected to tampering prevention processing by another method using the second secret key SK2. Examples of such tampering prevention processing include using an HMAC method with other hash functions and verifying a signature attached to ciphertext data by using a public key cryptography.
Instead of the power-on time information PI used in the present embodiment, other information that varies with time may be used. For example, a random number whose value changes with time may be used. In addition, instead of the power-on time information PI, information based on the serial number, model number, and the like of the storage device 3 may be used.
In addition, in step S103, the controller 32 of the storage device 3 does not have to transmit all of the processed security information SI2 subjected to the encryption processing and the tampering prevention processing to the host device 2. For example, the controller 32 may transmit only the message authentication code (MAC value) to the host device 2 and save the processed security information SI2 other than the message authentication code in the nonvolatile memory (for example, flash memory 34, ROM 326, and the like) in the storage device 3. Thereafter, in step S108, when returning from the low power state, the controller 32 checks for tampering by comparing the message authentication code received from the host device 2 with the message authentication code generated from the processed security information SI2 stored in the storage device 3. In this case, since the amount of data transmitted from the storage device 3 to the host device 2 is reduced, the effect of preventing leakage of plaintext data is further enhanced.
Second Embodiment
In the first embodiment, when the storage device 3 shifts to the low power state or when the storage device 3 returns from the low power state, the host device 2 issues a “Set Features” command of the NVMe standard to the storage device 3. In this command, the power of the storage device 3 is not completely turned off.
On the other hand, the present embodiment describes a case where, when the storage device 3 shifts to the low power state, the power of the storage device 3 is completely turned off by using a unique command not defined in the NVMe standard (hereinafter referred to as a vendor specific command). The vendor specific command is, for example, a command defined by the manufacturer or the like of the storage device 3.
According to the NVMe standard, when the power of the storage device 3 is turned off, the host memory buffer (Host Memory Buffer) of the host device 2 is also released. That is, in the present embodiment, the storage device 3 that does not support the host memory buffer is targeted.
FIG. 10 is a flowchart showing an example of shift processing to the low power state and return processing from the low power state in the computer system according to the present embodiment.
In the present embodiment, it is assumed that the buffer 25 of the host device 2 is not a host memory buffer of the NVMe standard. The configuration of the computer system 1 other than this is the same as in the first embodiment.
The processing of FIG. 10 corresponds to the processing of FIG. 5. In the processing shown in FIG. 10, the description of the same processing as that in FIG. 5 will be omitted.
In step S401, the CPU 22 of the host device 2 issues a command (in particular, a vendor specific command) for turning off the power of the storage device 3. After issuing the command, the host device 2 waits for the completion of the I/O commands to the storage device 3 in accordance with the shutdown sequence defined in the NVMe standard, for example, and deletes the I/O queue.
In step S402, after confirming that the I/O commands to the storage device 3 have completed in accordance with the shutdown sequence defined in the NVMe standard, the controller 32 of the storage device 3 stops updating the power-on time information PI. The value of the power-on time information PI at the time of stopping is recorded, for example, in a nonvolatile state in the flash memory 34. Since the processing of step S402 is similar to the processing of step S102, the description thereof is omitted.
In step S403, the controller 32 performs encryption processing and tampering prevention processing on the security information of the storage device 3 to generate processed security information SI2. In addition, the controller 32 transmits the generated processed security information SI2 to the host device 2 as a response to the vendor specific command. The contents of the encryption processing and the tampering prevention processing are the same as those in step S103.
In step S404, the CPU 22 of the host device 2 stores the processed security information SI2 in the buffer 25.
In step S405, the CPU 22 issues a shutdown notification defined in the NVMe standard, for example, to the storage device 3. After the shutdown processing of the storage device 3 is completed, the CPU 22, for example, shifts the “Power State” of the PCIe standard to a power-off state (D3).
In this way, in step S406, the power of the storage device 3 is turned off, that is, the standby power becomes zero.
In step S407, the CPU 22 of the host device 2 causes the storage device 3 to execute wakeup processing. This wakeup processing is, for example, initialization processing defined by the PCIe standard and/or the NVMe standard.
In step S408, the power of the storage device 3 is turned on, and when the wakeup processing is completed, the storage device 3 enters the normal state. Here, the storage device 3 does not distinguish between a cold boot and the return from the low power state.
In addition, as the storage device 3 wakes up, the counter of the power-on time information PI restarts. For this reason, when the power is turned on again, the controller 32 holds the counter value from before the power-on time information PI was resumed in the RAM 325, the flash memory 34, or the like, separately from the resumed counter value.
In step S409, the CPU 22 of the host device 2 issues a command (in particular, a vendor specific command) for restoring the security information SI1 of the storage device 3. The CPU 22 transmits the processed security information SI2 stored in the buffer 25 to the storage device 3 together with issuance of the command.
In step S410, the controller 32 of the storage device 3 recognizes that the storage device 3 is returning from the low power state by receiving the processed security information SI2. The controller 32 executes verification processing and decryption processing on the processed security information SI2. The contents of the verification processing and the decryption processing are the same as those in step S108. As the counter value of the power-on time information PI used for the verification processing, the value held in step S408 is used.
In step S411, the controller 32 returns the counter value of the power-on time information PI to the value held in step S408 (that is, the value at the time of turning on the power). In this way, the storage device 3 is returned from the low power state.
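As an added illustration that is not part of the patent and not the assignee's firmware, the following Go program models the device side of steps S402/S403 and S410/S411 (whose encryption, MAC, verification and decryption contents are the same as steps S103 and S108): the controller freezes and records PI, encrypts PI||SI1 under SK1 with AES-CTR, authenticates the result under SK2 with HMAC-SHA256, hands SI2 to the host, and on return checks the MAC before decrypting, then rejects any SI2 whose PI differs from the held value before restoring SI1 and the counter. The plaintext layout, the fixed 32-byte key fields, the AES-CTR/HMAC-SHA256 pairing and all type, field and function names are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Constructed plaintext layout for PI||SI1: 8-byte big-endian PI, 1-byte flag, two fixed-size keys.
const keyLen = 32
const plainLen = 8 + 1 + 2*keyLen

// SecurityInfo models SI1 as held in the volatile storage area.
type SecurityInfo struct {
	ReadWritePermitted bool         // flag information
	AuthKey            [keyLen]byte // authentication key data
	DataEncKey         [keyLen]byte // encrypted key data for user data
}

// Controller models the device side: sk1/sk2 stand for the keys in non-volatile memory,
// powerOnTime for the PI counter, savedPI for the copy of PI recorded at S402 and held at S408.
type Controller struct {
	sk1, sk2    []byte
	info        *SecurityInfo // nil while SI1 is not held in the device
	powerOnTime uint64
	savedPI     uint64
}

func (s *SecurityInfo) encode(pi uint64) []byte {
	out := make([]byte, plainLen)
	binary.BigEndian.PutUint64(out, pi)
	if s.ReadWritePermitted {
		out[8] = 1
	}
	copy(out[9:], s.AuthKey[:])
	copy(out[9+keyLen:], s.DataEncKey[:])
	return out
}

// EnterLowPower performs S402/S403: stop and record the PI counter, encrypt PI||SI1 under sk1
// (AES-CTR, fresh nonce), MAC nonce||ciphertext under sk2, return SI2 = nonce||ct||mac, drop SI1.
func (c *Controller) EnterLowPower() ([]byte, error) {
	if c.info == nil {
		return nil, errors.New("no security information to save")
	}
	block, err := aes.NewCipher(c.sk1)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aes.BlockSize)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	c.savedPI = c.powerOnTime // counter stops; its value is recorded non-volatilely
	ct := make([]byte, plainLen)
	cipher.NewCTR(block, nonce).XORKeyStream(ct, c.info.encode(c.powerOnTime))
	si2 := append(nonce, ct...)
	mac := hmac.New(sha256.New, c.sk2)
	mac.Write(si2)
	c.info = nil // plaintext SI1 no longer exists in the device
	return mac.Sum(si2), nil
}

// Resume performs S410/S411: verify the MAC before touching the ciphertext, decrypt, reject a
// blob whose PI differs from the held value (an older SI2 replayed by the host), then restore.
func (c *Controller) Resume(si2 []byte) error {
	if len(si2) != aes.BlockSize+plainLen+sha256.Size {
		return errors.New("SI2 has wrong length")
	}
	body, tag := si2[:aes.BlockSize+plainLen], si2[aes.BlockSize+plainLen:]
	mac := hmac.New(sha256.New, c.sk2)
	mac.Write(body)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return errors.New("tampering detected: MAC mismatch")
	}
	block, err := aes.NewCipher(c.sk1)
	if err != nil {
		return err
	}
	plain := make([]byte, plainLen)
	cipher.NewCTR(block, body[:aes.BlockSize]).XORKeyStream(plain, body[aes.BlockSize:])
	if pi := binary.BigEndian.Uint64(plain); pi != c.savedPI {
		return errors.New("stale security information: PI does not match the held value")
	}
	info := &SecurityInfo{ReadWritePermitted: plain[8] == 1}
	copy(info.AuthKey[:], plain[9:])
	copy(info.DataEncKey[:], plain[9+keyLen:])
	c.info, c.powerOnTime = info, c.savedPI // S411: counter returns to the held value
	return nil
}
```

The PI comparison is what makes the scheme resistant to a host that stores several SI2 blobs and returns an old one: the MAC and ciphertext of the old blob are still valid, so only the frozen counter value distinguishes it.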
According to the second embodiment described above, when shifting the storage device 3 to the low power state, the host device 2 causes the power of the storage device 3 to be completely turned off by using the vendor specific command. In this way, in the low power state, the computer system 1 according to the second embodiment has lower power consumption than the computer system 1 according to the first embodiment.
In addition, in the present embodiment, even in the storage device 3 that does not support the host memory buffer of the NVMe standard, since the security information SI1 may be safely saved to the host device 2 when the power is turned off, it is possible to enhance confidentiality.
While certain embodiments have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the inventions. Indeed, the novel embodiments described herein may be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the embodiments described herein may be made without departing from the spirit of the inventions. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the inventions.

Claims (20)

What is claimed is:
1. A storage device, comprising:
a controller configured to control the storage device; and
a storage area for security information, the security information including flag information indicating whether reading or writing of data from/to the storage device is permitted, and time information indicating a cumulative time value during which power of the storage device has been turned on, wherein
when a first command is received from a host device, the controller generates encrypted data by encrypting data obtained by combining the time information and the security information, and after transmitting the encrypted data to the host device, shifts the storage device to a low power state.
2. The storage device according to claim 1, wherein
when a second command is received from the host device, the controller receives the encrypted data from the host device, executes decryption processing on the encrypted data, and stores the security information and the time information obtained by the decryption processing in the storage area.
3. The storage device according to claim 2, wherein the controller
executes tampering prevention processing on the encrypted data, and transmits a first authentication code generated by the tampering prevention processing to the host device,
generates a second authentication code by executing the tampering prevention processing on the encrypted data received from the host device when the second command is received along with the first authentication code, and
executes the decryption processing when the first authentication code received from the host device matches the second authentication code.
4. The storage device according to claim 3, wherein the controller
stores the time information in a non-volatile storage area when the first command is received,
compares the time information stored in the non-volatile storage area with the time information obtained by the decryption processing when the second command is received, and
stores the security information and the time information obtained by the decryption processing in the storage area when a result of the time information comparison is a match.
5. The storage device according to claim 3, further comprising:
a non-volatile memory in which a first secret key and a second secret key are stored, wherein
the first secret key is used when the controller generates the encrypted data and performs the decryption processing, and the second secret key is used during the tampering prevention processing.
6. The storage device according to claim 2,
wherein the first command and the second command are Set Features commands of an NVMe standard.
7. The storage device according to claim 1,
wherein the security information includes authentication key data for permitting access to the storage device and encrypted key data for encrypting data to be stored in the storage device.
8. The storage device according to claim 1, wherein the storage area is a volatile memory.
9. A storage device, comprising:
a controller configured to control the storage device; and
a storage area for security information, the security information including flag information indicating whether reading or writing of data from/to the storage device is permitted, and time information indicating a cumulative time value during which power of the storage device has been turned on, wherein the controller
generates encrypted data by encrypting data obtained by combining the time information and the security information and stores the encrypted data in the storage device when a first command is received from a host device,
executes tampering prevention processing on the encrypted data, and
after transmitting a first authentication code generated by the tampering prevention processing to the host device, shifts the storage device to a low power state.
10. The storage device according to claim 9, wherein the controller
receives the first authentication code from the host device along with a second command,
generates a second authentication code by executing the tampering prevention processing on the encrypted data stored in the storage device,
executes decryption processing on the encrypted data when the first authentication code matches the second authentication code, and
stores the security information and the time information obtained by the decryption processing in the storage area.
11. The storage device according to claim 10, further comprising:
a non-volatile memory in which a first secret key and a second secret key are stored, wherein
the first secret key is used when the controller generates the encrypted data and performs the decryption processing, and the second secret key is used during the tampering prevention processing.
12. The storage device according to claim 10,
wherein the first command and the second command are Set Features commands of an NVMe standard.
13. The storage device according to claim 9,
wherein the security information includes authentication key data for permitting access to the storage device and encrypted key data for encrypting data to be stored in the storage device.
14. The storage device according to claim 9, wherein the storage area is a volatile memory.
15. The storage device according to claim 9, wherein the low power state is a power off state.
16. A non-transitory computer readable medium storing instructions to be executed by a processor of a storage device, wherein the storage device has a storage area for security information, the security information including flag information indicating whether reading or writing of data from/to the storage device is permitted, and time information indicating a cumulative time value during which power of the storage device has been turned on, and the instructions executed by the processor cause the storage device to carry out the steps of:
responsive to a first command received from a host device, generating encrypted data by encrypting data obtained by combining the time information and the security information;
transmitting the encrypted data to the host device; and then
shifting the storage device to a low power state.
17. The non-transitory computer readable medium according to claim 16, wherein the instructions executed by the processor cause the storage device to further carry out the steps of:
responsive to a second command received from the host device along with the encrypted data, executing decryption processing on the encrypted data; and
storing the security information and the time information obtained by the decryption processing in the storage area.
18. The non-transitory computer readable medium according to claim 17, wherein the instructions executed by the processor cause the storage device to further carry out the steps of:
executing tampering prevention processing on the encrypted data, and transmitting a first authentication code generated by the tampering prevention processing to the host device;
generating a second authentication code by executing the tampering prevention processing on the encrypted data received from the host device when the second command is received along with the first authentication code; and
executing the decryption processing when the first authentication code received from the host device matches the second authentication code.
19. The non-transitory computer readable medium according to claim 18, wherein the instructions executed by the processor cause the storage device to further carry out the steps of:
storing the time information in a non-volatile storage area when the first command is received;
comparing the time information stored in the non-volatile storage area with the time information obtained by the decryption processing when the second command is received; and
storing the security information and the time information obtained by the decryption processing in the storage area when a result of the time information comparison is a match.
20. The non-transitory computer readable medium according to claim 18, wherein
the storage device further includes a non-volatile memory in which a first secret key and a second secret key are stored,
the first secret key is used to generate the encrypted data and during the decryption processing,
and the second secret key is used during the tampering prevention processing.
US16/286,520 2018-08-21 2019-02-26 Self-encrypting storage device and protection method Active 2040-03-07 US11222144B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JPJP2018-154777 2018-08-21
JP2018-154777 2018-08-21
JP2018154777A JP2020030527A (en) 2018-08-21 2018-08-21 Storage device and program

Publications (2)

Publication Number Publication Date
US20200065528A1 US20200065528A1 (en) 2020-02-27
US11222144B2 true US11222144B2 (en) 2022-01-11

Family

ID=69586093

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/286,520 Active 2040-03-07 US11222144B2 (en) 2018-08-21 2019-02-26 Self-encrypting storage device and protection method

Country Status (4)

Country Link
US (1) US11222144B2 (en)
JP (1) JP2020030527A (en)
CN (1) CN110851886B (en)
TW (1) TWI712889B (en)

Also Published As

Publication number Publication date
TWI712889B (en) 2020-12-11
JP2020030527A (en) 2020-02-27
CN110851886A (en) 2020-02-28
TW202009717A (en) 2020-03-01
CN110851886B (en) 2023-11-21
US20200065528A1 (en) 2020-02-27

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: TOSHIBA MEMORY CORPORATION, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:OGAWA, TAKAYA;REEL/FRAME:051069/0066

Effective date: 20190529

AS Assignment

Owner name: WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT, CONNECTICUT

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:SPACE SYSTEMS/LORAL, LLC;REEL/FRAME:053866/0439

Effective date: 20200922

Owner name: WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT, CONNECTICUT

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:SPACE SYSTEMS/LORAL, LLC;REEL/FRAME:053866/0810

Effective date: 20200922

Owner name: ROYAL BANK OF CANADA, AS COLLATERAL AGENT, CANADA

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:SPACE SYSTEMS/LORAL, LLC;REEL/FRAME:053866/0535

Effective date: 20200922

STPP Information on status: patent application and granting procedure in general

Free format text: EX PARTE QUAYLE ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO EX PARTE QUAYLE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED

STPP Information on status: patent application and granting procedure in general

Free format text: AWAITING TC RESP, ISSUE FEE PAYMENT VERIFIED

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: KIOXIA CORPORATION, JAPAN

Free format text: CHANGE OF NAME;ASSIGNOR:TOSHIBA MEMORY CORPORATION;REEL/FRAME:058777/0822

Effective date: 20191001

AS Assignment

Owner name: MAXAR TECHNOLOGIES HOLDINGS INC., COLORADO

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS AND TRADEMARK - RELEASE OF REEL/FRAME 053866/0719;ASSIGNOR:ROYAL BANK OF CANADA, AS AGENT;REEL/FRAME:063534/0550

Effective date: 20230503

Owner name: MAXAR SPACE LLC, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS AND TRADEMARK - RELEASE OF REEL/FRAME 053866/0719;ASSIGNOR:ROYAL BANK OF CANADA, AS AGENT;REEL/FRAME:063534/0550

Effective date: 20230503

Owner name: MAXAR INTELLIGENCE INC., COLORADO

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS AND TRADEMARK - RELEASE OF REEL/FRAME 053866/0719;ASSIGNOR:ROYAL BANK OF CANADA, AS AGENT;REEL/FRAME:063534/0550

Effective date: 20230503